search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tcg: Add tlb_index and tlb_entry helpers
[qemu/ar7.git] / accel / tcg / cputlb.c
blobe4993d72fbf463eb668eed3a89da6b64ece906cd
1 /*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/memory.h"
25 #include "exec/address-spaces.h"
26 #include "exec/cpu_ldst.h"
27 #include "exec/cputlb.h"
28 #include "exec/memory-internal.h"
29 #include "exec/ram_addr.h"
30 #include "tcg/tcg.h"
31 #include "qemu/error-report.h"
32 #include "exec/log.h"
33 #include "exec/helper-proto.h"
34 #include "qemu/atomic.h"
35
36 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
37 /* #define DEBUG_TLB */
38 /* #define DEBUG_TLB_LOG */
39
40 #ifdef DEBUG_TLB
41 # define DEBUG_TLB_GATE 1
42 # ifdef DEBUG_TLB_LOG
43 # define DEBUG_TLB_LOG_GATE 1
44 # else
45 # define DEBUG_TLB_LOG_GATE 0
46 # endif
47 #else
48 # define DEBUG_TLB_GATE 0
49 # define DEBUG_TLB_LOG_GATE 0
50 #endif
51
52 #define tlb_debug(fmt, ...) do { \
53 if (DEBUG_TLB_LOG_GATE) { \
54 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
55 ## __VA_ARGS__); \
56 } else if (DEBUG_TLB_GATE) { \
57 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
58 } \
59 } while (0)
60
61 #define assert_cpu_is_self(cpu) do { \
62 if (DEBUG_TLB_GATE) { \
63 g_assert(!(cpu)->created || qemu_cpu_is_self(cpu)); \
64 } \
65 } while (0)
66
67 /* run_on_cpu_data.target_ptr should always be big enough for a
68 * target_ulong even on 32 bit builds */
69 QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
70
71 /* We currently can't handle more than 16 bits in the MMUIDX bitmask.
72 */
73 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
74 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
75
76 void tlb_init(CPUState *cpu)
77 {
78 CPUArchState *env = cpu->env_ptr;
79
80 qemu_spin_init(&env->tlb_lock);
81 }
82
83 /* flush_all_helper: run fn across all cpus
84 *
85 * If the wait flag is set then the src cpu's helper will be queued as
86 * "safe" work and the loop exited creating a synchronisation point
87 * where all queued work will be finished before execution starts
88 * again.
89 */
90 static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
91 run_on_cpu_data d)
92 {
93 CPUState *cpu;
94
95 CPU_FOREACH(cpu) {
96 if (cpu != src) {
97 async_run_on_cpu(cpu, fn, d);
98 }
99 }
100 }
101
102 size_t tlb_flush_count(void)
103 {
104 CPUState *cpu;
105 size_t count = 0;
106
107 CPU_FOREACH(cpu) {
108 CPUArchState *env = cpu->env_ptr;
109
110 count += atomic_read(&env->tlb_flush_count);
111 }
112 return count;
113 }
114
115 /* This is OK because CPU architectures generally permit an
116 * implementation to drop entries from the TLB at any time, so
117 * flushing more entries than required is only an efficiency issue,
118 * not a correctness issue.
119 */
120 static void tlb_flush_nocheck(CPUState *cpu)
121 {
122 CPUArchState *env = cpu->env_ptr;
123
124 /* The QOM tests will trigger tlb_flushes without setting up TCG
125 * so we bug out here in that case.
126 */
127 if (!tcg_enabled()) {
128 return;
129 }
130
131 assert_cpu_is_self(cpu);
132 atomic_set(&env->tlb_flush_count, env->tlb_flush_count + 1);
133 tlb_debug("(count: %zu)\n", tlb_flush_count());
134
135 /*
136 * tlb_table/tlb_v_table updates from any thread must hold tlb_lock.
137 * However, updates from the owner thread (as is the case here; see the
138 * above assert_cpu_is_self) do not need atomic_set because all reads
139 * that do not hold the lock are performed by the same owner thread.
140 */
141 qemu_spin_lock(&env->tlb_lock);
142 memset(env->tlb_table, -1, sizeof(env->tlb_table));
143 memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
144 qemu_spin_unlock(&env->tlb_lock);
145
146 cpu_tb_jmp_cache_clear(cpu);
147
148 env->vtlb_index = 0;
149 env->tlb_flush_addr = -1;
150 env->tlb_flush_mask = 0;
151
152 atomic_mb_set(&cpu->pending_tlb_flush, 0);
153 }
154
155 static void tlb_flush_global_async_work(CPUState *cpu, run_on_cpu_data data)
156 {
157 tlb_flush_nocheck(cpu);
158 }
159
160 void tlb_flush(CPUState *cpu)
161 {
162 if (cpu->created && !qemu_cpu_is_self(cpu)) {
163 if (atomic_mb_read(&cpu->pending_tlb_flush) != ALL_MMUIDX_BITS) {
164 atomic_mb_set(&cpu->pending_tlb_flush, ALL_MMUIDX_BITS);
165 async_run_on_cpu(cpu, tlb_flush_global_async_work,
166 RUN_ON_CPU_NULL);
167 }
168 } else {
169 tlb_flush_nocheck(cpu);
170 }
171 }
172
173 void tlb_flush_all_cpus(CPUState *src_cpu)
174 {
175 const run_on_cpu_func fn = tlb_flush_global_async_work;
176 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
177 fn(src_cpu, RUN_ON_CPU_NULL);
178 }
179
180 void tlb_flush_all_cpus_synced(CPUState *src_cpu)
181 {
182 const run_on_cpu_func fn = tlb_flush_global_async_work;
183 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
184 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_NULL);
185 }
186
187 static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
188 {
189 CPUArchState *env = cpu->env_ptr;
190 unsigned long mmu_idx_bitmask = data.host_int;
191 int mmu_idx;
192
193 assert_cpu_is_self(cpu);
194
195 tlb_debug("start: mmu_idx:0x%04lx\n", mmu_idx_bitmask);
196
197 qemu_spin_lock(&env->tlb_lock);
198 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
199
200 if (test_bit(mmu_idx, &mmu_idx_bitmask)) {
201 tlb_debug("%d\n", mmu_idx);
202
203 memset(env->tlb_table[mmu_idx], -1, sizeof(env->tlb_table[0]));
204 memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
205 }
206 }
207 qemu_spin_unlock(&env->tlb_lock);
208
209 cpu_tb_jmp_cache_clear(cpu);
210
211 tlb_debug("done\n");
212 }
213
214 void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
215 {
216 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
217
218 if (!qemu_cpu_is_self(cpu)) {
219 uint16_t pending_flushes = idxmap;
220 pending_flushes &= ~atomic_mb_read(&cpu->pending_tlb_flush);
221
222 if (pending_flushes) {
223 tlb_debug("reduced mmu_idx: 0x%" PRIx16 "\n", pending_flushes);
224
225 atomic_or(&cpu->pending_tlb_flush, pending_flushes);
226 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
227 RUN_ON_CPU_HOST_INT(pending_flushes));
228 }
229 } else {
230 tlb_flush_by_mmuidx_async_work(cpu,
231 RUN_ON_CPU_HOST_INT(idxmap));
232 }
233 }
234
235 void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
236 {
237 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
238
239 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
240
241 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
242 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
243 }
244
245 void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
246 uint16_t idxmap)
247 {
248 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
249
250 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
251
252 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
253 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
254 }
255
256 static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
257 target_ulong page)
258 {
259 return tlb_hit_page(tlb_entry->addr_read, page) ||
260 tlb_hit_page(tlb_entry->addr_write, page) ||
261 tlb_hit_page(tlb_entry->addr_code, page);
262 }
263
264 /* Called with tlb_lock held */
265 static inline void tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
266 target_ulong page)
267 {
268 if (tlb_hit_page_anyprot(tlb_entry, page)) {
269 memset(tlb_entry, -1, sizeof(*tlb_entry));
270 }
271 }
272
273 /* Called with tlb_lock held */
274 static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
275 target_ulong page)
276 {
277 int k;
278
279 assert_cpu_is_self(ENV_GET_CPU(env));
280 for (k = 0; k < CPU_VTLB_SIZE; k++) {
281 tlb_flush_entry_locked(&env->tlb_v_table[mmu_idx][k], page);
282 }
283 }
284
285 static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
286 {
287 CPUArchState *env = cpu->env_ptr;
288 target_ulong addr = (target_ulong) data.target_ptr;
289 int mmu_idx;
290
291 assert_cpu_is_self(cpu);
292
293 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
294
295 /* Check if we need to flush due to large pages. */
296 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
297 tlb_debug("forcing full flush ("
298 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
299 env->tlb_flush_addr, env->tlb_flush_mask);
300
301 tlb_flush(cpu);
302 return;
303 }
304
305 addr &= TARGET_PAGE_MASK;
306 qemu_spin_lock(&env->tlb_lock);
307 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
308 tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
309 tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
310 }
311 qemu_spin_unlock(&env->tlb_lock);
312
313 tb_flush_jmp_cache(cpu, addr);
314 }
315
316 void tlb_flush_page(CPUState *cpu, target_ulong addr)
317 {
318 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
319
320 if (!qemu_cpu_is_self(cpu)) {
321 async_run_on_cpu(cpu, tlb_flush_page_async_work,
322 RUN_ON_CPU_TARGET_PTR(addr));
323 } else {
324 tlb_flush_page_async_work(cpu, RUN_ON_CPU_TARGET_PTR(addr));
325 }
326 }
327
328 /* As we are going to hijack the bottom bits of the page address for a
329 * mmuidx bit mask we need to fail to build if we can't do that
330 */
331 QEMU_BUILD_BUG_ON(NB_MMU_MODES > TARGET_PAGE_BITS_MIN);
332
333 static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
334 run_on_cpu_data data)
335 {
336 CPUArchState *env = cpu->env_ptr;
337 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
338 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
339 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
340 int mmu_idx;
341
342 assert_cpu_is_self(cpu);
343
344 tlb_debug("flush page addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
345 addr, mmu_idx_bitmap);
346
347 qemu_spin_lock(&env->tlb_lock);
348 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
349 if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
350 tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
351 tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
352 }
353 }
354 qemu_spin_unlock(&env->tlb_lock);
355
356 tb_flush_jmp_cache(cpu, addr);
357 }
358
359 static void tlb_check_page_and_flush_by_mmuidx_async_work(CPUState *cpu,
360 run_on_cpu_data data)
361 {
362 CPUArchState *env = cpu->env_ptr;
363 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
364 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
365 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
366
367 tlb_debug("addr:"TARGET_FMT_lx" mmu_idx: %04lx\n", addr, mmu_idx_bitmap);
368
369 /* Check if we need to flush due to large pages. */
370 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
371 tlb_debug("forced full flush ("
372 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
373 env->tlb_flush_addr, env->tlb_flush_mask);
374
375 tlb_flush_by_mmuidx_async_work(cpu,
376 RUN_ON_CPU_HOST_INT(mmu_idx_bitmap));
377 } else {
378 tlb_flush_page_by_mmuidx_async_work(cpu, data);
379 }
380 }
381
382 void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
383 {
384 target_ulong addr_and_mmu_idx;
385
386 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
387
388 /* This should already be page aligned */
389 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
390 addr_and_mmu_idx |= idxmap;
391
392 if (!qemu_cpu_is_self(cpu)) {
393 async_run_on_cpu(cpu, tlb_check_page_and_flush_by_mmuidx_async_work,
394 RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
395 } else {
396 tlb_check_page_and_flush_by_mmuidx_async_work(
397 cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
398 }
399 }
400
401 void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
402 uint16_t idxmap)
403 {
404 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
405 target_ulong addr_and_mmu_idx;
406
407 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
408
409 /* This should already be page aligned */
410 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
411 addr_and_mmu_idx |= idxmap;
412
413 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
414 fn(src_cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
415 }
416
417 void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
418 target_ulong addr,
419 uint16_t idxmap)
420 {
421 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
422 target_ulong addr_and_mmu_idx;
423
424 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
425
426 /* This should already be page aligned */
427 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
428 addr_and_mmu_idx |= idxmap;
429
430 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
431 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
432 }
433
434 void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
435 {
436 const run_on_cpu_func fn = tlb_flush_page_async_work;
437
438 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
439 fn(src, RUN_ON_CPU_TARGET_PTR(addr));
440 }
441
442 void tlb_flush_page_all_cpus_synced(CPUState *src,
443 target_ulong addr)
444 {
445 const run_on_cpu_func fn = tlb_flush_page_async_work;
446
447 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
448 async_safe_run_on_cpu(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
449 }
450
451 /* update the TLBs so that writes to code in the virtual page 'addr'
452 can be detected */
453 void tlb_protect_code(ram_addr_t ram_addr)
454 {
455 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
456 DIRTY_MEMORY_CODE);
457 }
458
459 /* update the TLB so that writes in physical page 'phys_addr' are no longer
460 tested for self modifying code */
461 void tlb_unprotect_code(ram_addr_t ram_addr)
462 {
463 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
464 }
465
466
467 /*
468 * Dirty write flag handling
469 *
470 * When the TCG code writes to a location it looks up the address in
471 * the TLB and uses that data to compute the final address. If any of
472 * the lower bits of the address are set then the slow path is forced.
473 * There are a number of reasons to do this but for normal RAM the
474 * most usual is detecting writes to code regions which may invalidate
475 * generated code.
476 *
477 * Other vCPUs might be reading their TLBs during guest execution, so we update
478 * te->addr_write with atomic_set. We don't need to worry about this for
479 * oversized guests as MTTCG is disabled for them.
480 *
481 * Called with tlb_lock held.
482 */
483 static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
484 uintptr_t start, uintptr_t length)
485 {
486 uintptr_t addr = tlb_entry->addr_write;
487
488 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
489 addr &= TARGET_PAGE_MASK;
490 addr += tlb_entry->addend;
491 if ((addr - start) < length) {
492 #if TCG_OVERSIZED_GUEST
493 tlb_entry->addr_write |= TLB_NOTDIRTY;
494 #else
495 atomic_set(&tlb_entry->addr_write,
496 tlb_entry->addr_write | TLB_NOTDIRTY);
497 #endif
498 }
499 }
500 }
501
502 /*
503 * Called with tlb_lock held.
504 * Called only from the vCPU context, i.e. the TLB's owner thread.
505 */
506 static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
507 {
508 *d = *s;
509 }
510
511 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
512 * the target vCPU).
513 * We must take tlb_lock to avoid racing with another vCPU update. The only
514 * thing actually updated is the target TLB entry ->addr_write flags.
515 */
516 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
517 {
518 CPUArchState *env;
519
520 int mmu_idx;
521
522 env = cpu->env_ptr;
523 qemu_spin_lock(&env->tlb_lock);
524 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
525 unsigned int i;
526
527 for (i = 0; i < CPU_TLB_SIZE; i++) {
528 tlb_reset_dirty_range_locked(&env->tlb_table[mmu_idx][i], start1,
529 length);
530 }
531
532 for (i = 0; i < CPU_VTLB_SIZE; i++) {
533 tlb_reset_dirty_range_locked(&env->tlb_v_table[mmu_idx][i], start1,
534 length);
535 }
536 }
537 qemu_spin_unlock(&env->tlb_lock);
538 }
539
540 /* Called with tlb_lock held */
541 static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
542 target_ulong vaddr)
543 {
544 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
545 tlb_entry->addr_write = vaddr;
546 }
547 }
548
549 /* update the TLB corresponding to virtual page vaddr
550 so that it is no longer dirty */
551 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
552 {
553 CPUArchState *env = cpu->env_ptr;
554 int mmu_idx;
555
556 assert_cpu_is_self(cpu);
557
558 vaddr &= TARGET_PAGE_MASK;
559 qemu_spin_lock(&env->tlb_lock);
560 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
561 tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
562 }
563
564 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
565 int k;
566 for (k = 0; k < CPU_VTLB_SIZE; k++) {
567 tlb_set_dirty1_locked(&env->tlb_v_table[mmu_idx][k], vaddr);
568 }
569 }
570 qemu_spin_unlock(&env->tlb_lock);
571 }
572
573 /* Our TLB does not support large pages, so remember the area covered by
574 large pages and trigger a full TLB flush if these are invalidated. */
575 static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
576 target_ulong size)
577 {
578 target_ulong mask = ~(size - 1);
579
580 if (env->tlb_flush_addr == (target_ulong)-1) {
581 env->tlb_flush_addr = vaddr & mask;
582 env->tlb_flush_mask = mask;
583 return;
584 }
585 /* Extend the existing region to include the new page.
586 This is a compromise between unnecessary flushes and the cost
587 of maintaining a full variable size TLB. */
588 mask &= env->tlb_flush_mask;
589 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
590 mask <<= 1;
591 }
592 env->tlb_flush_addr &= mask;
593 env->tlb_flush_mask = mask;
594 }
595
596 /* Add a new TLB entry. At most one entry for a given virtual address
597 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
598 * supplied size is only used by tlb_flush_page.
599 *
600 * Called from TCG-generated code, which is under an RCU read-side
601 * critical section.
602 */
603 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
604 hwaddr paddr, MemTxAttrs attrs, int prot,
605 int mmu_idx, target_ulong size)
606 {
607 CPUArchState *env = cpu->env_ptr;
608 MemoryRegionSection *section;
609 unsigned int index;
610 target_ulong address;
611 target_ulong code_address;
612 uintptr_t addend;
613 CPUTLBEntry *te, tn;
614 hwaddr iotlb, xlat, sz, paddr_page;
615 target_ulong vaddr_page;
616 int asidx = cpu_asidx_from_attrs(cpu, attrs);
617
618 assert_cpu_is_self(cpu);
619
620 if (size < TARGET_PAGE_SIZE) {
621 sz = TARGET_PAGE_SIZE;
622 } else {
623 if (size > TARGET_PAGE_SIZE) {
624 tlb_add_large_page(env, vaddr, size);
625 }
626 sz = size;
627 }
628 vaddr_page = vaddr & TARGET_PAGE_MASK;
629 paddr_page = paddr & TARGET_PAGE_MASK;
630
631 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
632 &xlat, &sz, attrs, &prot);
633 assert(sz >= TARGET_PAGE_SIZE);
634
635 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
636 " prot=%x idx=%d\n",
637 vaddr, paddr, prot, mmu_idx);
638
639 address = vaddr_page;
640 if (size < TARGET_PAGE_SIZE) {
641 /*
642 * Slow-path the TLB entries; we will repeat the MMU check and TLB
643 * fill on every access.
644 */
645 address |= TLB_RECHECK;
646 }
647 if (!memory_region_is_ram(section->mr) &&
648 !memory_region_is_romd(section->mr)) {
649 /* IO memory case */
650 address |= TLB_MMIO;
651 addend = 0;
652 } else {
653 /* TLB_MMIO for rom/romd handled below */
654 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
655 }
656
657 code_address = address;
658 iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
659 paddr_page, xlat, prot, &address);
660
661 index = tlb_index(env, mmu_idx, vaddr_page);
662 te = tlb_entry(env, mmu_idx, vaddr_page);
663
664 /*
665 * Hold the TLB lock for the rest of the function. We could acquire/release
666 * the lock several times in the function, but it is faster to amortize the
667 * acquisition cost by acquiring it just once. Note that this leads to
668 * a longer critical section, but this is not a concern since the TLB lock
669 * is unlikely to be contended.
670 */
671 qemu_spin_lock(&env->tlb_lock);
672
673 /* Make sure there's no cached translation for the new page. */
674 tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
675
676 /*
677 * Only evict the old entry to the victim tlb if it's for a
678 * different page; otherwise just overwrite the stale data.
679 */
680 if (!tlb_hit_page_anyprot(te, vaddr_page)) {
681 unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE;
682 CPUTLBEntry *tv = &env->tlb_v_table[mmu_idx][vidx];
683
684 /* Evict the old entry into the victim tlb. */
685 copy_tlb_helper_locked(tv, te);
686 env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index];
687 }
688
689 /* refill the tlb */
690 /*
691 * At this point iotlb contains a physical section number in the lower
692 * TARGET_PAGE_BITS, and either
693 * + the ram_addr_t of the page base of the target RAM (if NOTDIRTY or ROM)
694 * + the offset within section->mr of the page base (otherwise)
695 * We subtract the vaddr_page (which is page aligned and thus won't
696 * disturb the low bits) to give an offset which can be added to the
697 * (non-page-aligned) vaddr of the eventual memory access to get
698 * the MemoryRegion offset for the access. Note that the vaddr we
699 * subtract here is that of the page base, and not the same as the
700 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
701 */
702 env->iotlb[mmu_idx][index].addr = iotlb - vaddr_page;
703 env->iotlb[mmu_idx][index].attrs = attrs;
704
705 /* Now calculate the new entry */
706 tn.addend = addend - vaddr_page;
707 if (prot & PAGE_READ) {
708 tn.addr_read = address;
709 } else {
710 tn.addr_read = -1;
711 }
712
713 if (prot & PAGE_EXEC) {
714 tn.addr_code = code_address;
715 } else {
716 tn.addr_code = -1;
717 }
718
719 tn.addr_write = -1;
720 if (prot & PAGE_WRITE) {
721 if ((memory_region_is_ram(section->mr) && section->readonly)
722 || memory_region_is_romd(section->mr)) {
723 /* Write access calls the I/O callback. */
724 tn.addr_write = address | TLB_MMIO;
725 } else if (memory_region_is_ram(section->mr)
726 && cpu_physical_memory_is_clean(
727 memory_region_get_ram_addr(section->mr) + xlat)) {
728 tn.addr_write = address | TLB_NOTDIRTY;
729 } else {
730 tn.addr_write = address;
731 }
732 if (prot & PAGE_WRITE_INV) {
733 tn.addr_write |= TLB_INVALID_MASK;
734 }
735 }
736
737 copy_tlb_helper_locked(te, &tn);
738 qemu_spin_unlock(&env->tlb_lock);
739 }
740
741 /* Add a new TLB entry, but without specifying the memory
742 * transaction attributes to be used.
743 */
744 void tlb_set_page(CPUState *cpu, target_ulong vaddr,
745 hwaddr paddr, int prot,
746 int mmu_idx, target_ulong size)
747 {
748 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
749 prot, mmu_idx, size);
750 }
751
752 static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
753 {
754 ram_addr_t ram_addr;
755
756 ram_addr = qemu_ram_addr_from_host(ptr);
757 if (ram_addr == RAM_ADDR_INVALID) {
758 error_report("Bad ram pointer %p", ptr);
759 abort();
760 }
761 return ram_addr;
762 }
763
764 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
765 int mmu_idx,
766 target_ulong addr, uintptr_t retaddr,
767 bool recheck, MMUAccessType access_type, int size)
768 {
769 CPUState *cpu = ENV_GET_CPU(env);
770 hwaddr mr_offset;
771 MemoryRegionSection *section;
772 MemoryRegion *mr;
773 uint64_t val;
774 bool locked = false;
775 MemTxResult r;
776
777 if (recheck) {
778 /*
779 * This is a TLB_RECHECK access, where the MMU protection
780 * covers a smaller range than a target page, and we must
781 * repeat the MMU check here. This tlb_fill() call might
782 * longjump out if this access should cause a guest exception.
783 */
784 CPUTLBEntry *entry;
785 target_ulong tlb_addr;
786
787 tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
788
789 entry = tlb_entry(env, mmu_idx, addr);
790 tlb_addr = entry->addr_read;
791 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
792 /* RAM access */
793 uintptr_t haddr = addr + entry->addend;
794
795 return ldn_p((void *)haddr, size);
796 }
797 /* Fall through for handling IO accesses */
798 }
799
800 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
801 mr = section->mr;
802 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
803 cpu->mem_io_pc = retaddr;
804 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
805 cpu_io_recompile(cpu, retaddr);
806 }
807
808 cpu->mem_io_vaddr = addr;
809 cpu->mem_io_access_type = access_type;
810
811 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
812 qemu_mutex_lock_iothread();
813 locked = true;
814 }
815 r = memory_region_dispatch_read(mr, mr_offset,
816 &val, size, iotlbentry->attrs);
817 if (r != MEMTX_OK) {
818 hwaddr physaddr = mr_offset +
819 section->offset_within_address_space -
820 section->offset_within_region;
821
822 cpu_transaction_failed(cpu, physaddr, addr, size, access_type,
823 mmu_idx, iotlbentry->attrs, r, retaddr);
824 }
825 if (locked) {
826 qemu_mutex_unlock_iothread();
827 }
828
829 return val;
830 }
831
832 static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
833 int mmu_idx,
834 uint64_t val, target_ulong addr,
835 uintptr_t retaddr, bool recheck, int size)
836 {
837 CPUState *cpu = ENV_GET_CPU(env);
838 hwaddr mr_offset;
839 MemoryRegionSection *section;
840 MemoryRegion *mr;
841 bool locked = false;
842 MemTxResult r;
843
844 if (recheck) {
845 /*
846 * This is a TLB_RECHECK access, where the MMU protection
847 * covers a smaller range than a target page, and we must
848 * repeat the MMU check here. This tlb_fill() call might
849 * longjump out if this access should cause a guest exception.
850 */
851 CPUTLBEntry *entry;
852 target_ulong tlb_addr;
853
854 tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
855
856 entry = tlb_entry(env, mmu_idx, addr);
857 tlb_addr = entry->addr_write;
858 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
859 /* RAM access */
860 uintptr_t haddr = addr + entry->addend;
861
862 stn_p((void *)haddr, size, val);
863 return;
864 }
865 /* Fall through for handling IO accesses */
866 }
867
868 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
869 mr = section->mr;
870 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
871 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
872 cpu_io_recompile(cpu, retaddr);
873 }
874 cpu->mem_io_vaddr = addr;
875 cpu->mem_io_pc = retaddr;
876
877 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
878 qemu_mutex_lock_iothread();
879 locked = true;
880 }
881 r = memory_region_dispatch_write(mr, mr_offset,
882 val, size, iotlbentry->attrs);
883 if (r != MEMTX_OK) {
884 hwaddr physaddr = mr_offset +
885 section->offset_within_address_space -
886 section->offset_within_region;
887
888 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE,
889 mmu_idx, iotlbentry->attrs, r, retaddr);
890 }
891 if (locked) {
892 qemu_mutex_unlock_iothread();
893 }
894 }
895
896 /* Return true if ADDR is present in the victim tlb, and has been copied
897 back to the main tlb. */
898 static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
899 size_t elt_ofs, target_ulong page)
900 {
901 size_t vidx;
902
903 assert_cpu_is_self(ENV_GET_CPU(env));
904 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
905 CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
906 target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
907
908 if (cmp == page) {
909 /* Found entry in victim tlb, swap tlb and iotlb. */
910 CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index];
911
912 qemu_spin_lock(&env->tlb_lock);
913 copy_tlb_helper_locked(&tmptlb, tlb);
914 copy_tlb_helper_locked(tlb, vtlb);
915 copy_tlb_helper_locked(vtlb, &tmptlb);
916 qemu_spin_unlock(&env->tlb_lock);
917
918 CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index];
919 CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx];
920 tmpio = *io; *io = *vio; *vio = tmpio;
921 return true;
922 }
923 }
924 return false;
925 }
926
927 /* Macro to call the above, with local variables from the use context. */
928 #define VICTIM_TLB_HIT(TY, ADDR) \
929 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
930 (ADDR) & TARGET_PAGE_MASK)
931
932 /* NOTE: this function can trigger an exception */
933 /* NOTE2: the returned address is not exactly the physical address: it
934 * is actually a ram_addr_t (in system mode; the user mode emulation
935 * version of this function returns a guest virtual address).
936 */
937 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
938 {
939 uintptr_t mmu_idx = cpu_mmu_index(env, true);
940 uintptr_t index = tlb_index(env, mmu_idx, addr);
941 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
942 void *p;
943
944 if (unlikely(!tlb_hit(entry->addr_code, addr))) {
945 if (!VICTIM_TLB_HIT(addr_code, addr)) {
946 tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
947 }
948 assert(tlb_hit(entry->addr_code, addr));
949 }
950
951 if (unlikely(entry->addr_code & (TLB_RECHECK | TLB_MMIO))) {
952 /*
953 * Return -1 if we can't translate and execute from an entire
954 * page of RAM here, which will cause us to execute by loading
955 * and translating one insn at a time, without caching:
956 * - TLB_RECHECK: means the MMU protection covers a smaller range
957 * than a target page, so we must redo the MMU check every insn
958 * - TLB_MMIO: region is not backed by RAM
959 */
960 return -1;
961 }
962
963 p = (void *)((uintptr_t)addr + entry->addend);
964 return qemu_ram_addr_from_host_nofail(p);
965 }
966
967 /* Probe for whether the specified guest write access is permitted.
968 * If it is not permitted then an exception will be taken in the same
969 * way as if this were a real write access (and we will not return).
970 * Otherwise the function will return, and there will be a valid
971 * entry in the TLB for this access.
972 */
973 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
974 uintptr_t retaddr)
975 {
976 uintptr_t index = tlb_index(env, mmu_idx, addr);
977 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
978
979 if (!tlb_hit(entry->addr_write, addr)) {
980 /* TLB entry is for a different page */
981 if (!VICTIM_TLB_HIT(addr_write, addr)) {
982 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
983 mmu_idx, retaddr);
984 }
985 }
986 }
987
988 /* Probe for a read-modify-write atomic operation. Do not allow unaligned
989 * operations, or io operations to proceed. Return the host address. */
990 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
991 TCGMemOpIdx oi, uintptr_t retaddr,
992 NotDirtyInfo *ndi)
993 {
994 size_t mmu_idx = get_mmuidx(oi);
995 uintptr_t index = tlb_index(env, mmu_idx, addr);
996 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
997 target_ulong tlb_addr = tlbe->addr_write;
998 TCGMemOp mop = get_memop(oi);
999 int a_bits = get_alignment_bits(mop);
1000 int s_bits = mop & MO_SIZE;
1001 void *hostaddr;
1002
1003 /* Adjust the given return address. */
1004 retaddr -= GETPC_ADJ;
1005
1006 /* Enforce guest required alignment. */
1007 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1008 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
1009 cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
1010 mmu_idx, retaddr);
1011 }
1012
1013 /* Enforce qemu required alignment. */
1014 if (unlikely(addr & ((1 << s_bits) - 1))) {
1015 /* We get here if guest alignment was not requested,
1016 or was not enforced by cpu_unaligned_access above.
1017 We might widen the access and emulate, but for now
1018 mark an exception and exit the cpu loop. */
1019 goto stop_the_world;
1020 }
1021
1022 /* Check TLB entry and enforce page permissions. */
1023 if (!tlb_hit(tlb_addr, addr)) {
1024 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1025 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
1026 mmu_idx, retaddr);
1027 }
1028 tlb_addr = tlbe->addr_write & ~TLB_INVALID_MASK;
1029 }
1030
1031 /* Notice an IO access or a needs-MMU-lookup access */
1032 if (unlikely(tlb_addr & (TLB_MMIO | TLB_RECHECK))) {
1033 /* There's really nothing that can be done to
1034 support this apart from stop-the-world. */
1035 goto stop_the_world;
1036 }
1037
1038 /* Let the guest notice RMW on a write-only page. */
1039 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
1040 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_LOAD,
1041 mmu_idx, retaddr);
1042 /* Since we don't support reads and writes to different addresses,
1043 and we do have the proper page loaded for write, this shouldn't
1044 ever return. But just in case, handle via stop-the-world. */
1045 goto stop_the_world;
1046 }
1047
1048 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1049
1050 ndi->active = false;
1051 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
1052 ndi->active = true;
1053 memory_notdirty_write_prepare(ndi, ENV_GET_CPU(env), addr,
1054 qemu_ram_addr_from_host_nofail(hostaddr),
1055 1 << s_bits);
1056 }
1057
1058 return hostaddr;
1059
1060 stop_the_world:
1061 cpu_loop_exit_atomic(ENV_GET_CPU(env), retaddr);
1062 }
1063
1064 #ifdef TARGET_WORDS_BIGENDIAN
1065 # define TGT_BE(X) (X)
1066 # define TGT_LE(X) BSWAP(X)
1067 #else
1068 # define TGT_BE(X) BSWAP(X)
1069 # define TGT_LE(X) (X)
1070 #endif
1071
1072 #define MMUSUFFIX _mmu
1073
1074 #define DATA_SIZE 1
1075 #include "softmmu_template.h"
1076
1077 #define DATA_SIZE 2
1078 #include "softmmu_template.h"
1079
1080 #define DATA_SIZE 4
1081 #include "softmmu_template.h"
1082
1083 #define DATA_SIZE 8
1084 #include "softmmu_template.h"
1085
1086 /* First set of helpers allows passing in of OI and RETADDR. This makes
1087 them callable from other helpers. */
1088
1089 #define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
1090 #define ATOMIC_NAME(X) \
1091 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
1092 #define ATOMIC_MMU_DECLS NotDirtyInfo ndi
1093 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr, &ndi)
1094 #define ATOMIC_MMU_CLEANUP \
1095 do { \
1096 if (unlikely(ndi.active)) { \
1097 memory_notdirty_write_complete(&ndi); \
1098 } \
1099 } while (0)
1100
1101 #define DATA_SIZE 1
1102 #include "atomic_template.h"
1103
1104 #define DATA_SIZE 2
1105 #include "atomic_template.h"
1106
1107 #define DATA_SIZE 4
1108 #include "atomic_template.h"
1109
1110 #ifdef CONFIG_ATOMIC64
1111 #define DATA_SIZE 8
1112 #include "atomic_template.h"
1113 #endif
1114
1115 #ifdef CONFIG_ATOMIC128
1116 #define DATA_SIZE 16
1117 #include "atomic_template.h"
1118 #endif
1119
1120 /* Second set of helpers are directly callable from TCG as helpers. */
1121
1122 #undef EXTRA_ARGS
1123 #undef ATOMIC_NAME
1124 #undef ATOMIC_MMU_LOOKUP
1125 #define EXTRA_ARGS , TCGMemOpIdx oi
1126 #define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
1127 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC(), &ndi)
1128
1129 #define DATA_SIZE 1
1130 #include "atomic_template.h"
1131
1132 #define DATA_SIZE 2
1133 #include "atomic_template.h"
1134
1135 #define DATA_SIZE 4
1136 #include "atomic_template.h"
1137
1138 #ifdef CONFIG_ATOMIC64
1139 #define DATA_SIZE 8
1140 #include "atomic_template.h"
1141 #endif
1142
1143 /* Code access functions. */
1144
1145 #undef MMUSUFFIX
1146 #define MMUSUFFIX _cmmu
1147 #undef GETPC
1148 #define GETPC() ((uintptr_t)0)
1149 #define SOFTMMU_CODE_ACCESS
1150
1151 #define DATA_SIZE 1
1152 #include "softmmu_template.h"
1153
1154 #define DATA_SIZE 2
1155 #include "softmmu_template.h"
1156
1157 #define DATA_SIZE 4
1158 #include "softmmu_template.h"
1159
1160 #define DATA_SIZE 8
1161 #include "softmmu_template.h"
AR7 emulation for QEMU